unsubscribe

Michelle Kinna mkinna at MAGNA.COM.AU
Fri Feb 4 17:53:00 EST 2000


-----Original Message-----
From: Robert Moskowitz <rgm at ICSA.NET>
To: VPN at SECURITYFOCUS.COM <VPN at SECURITYFOCUS.COM>
Date: Thursday, February 03, 2000 5:12 PM
Subject: Re: SKIP Evaluation?


>At 12:16 AM 2/1/2000 +0100, Vasek Petricek wrote:
>
>>I see - now I have read more SKIP docs and I still like the idea with
>>using a long lived master key. What is your opinion on the tradeoff
>>between relatively frequent reestablishment of SA's (IPSec) and rare
>>exchanges but additional cost of sending the keys in packets?
>
>I have to word this carefully.
>
>I HAVE studied SKIP, Photuris, and IKE.  I was in the center of the
>Maelstrom that started with the Dallas IETF and ended in Montreal.
>
>We had poorly defined requirements for a KMP, see:
>
>ftp://ftp.ietf.cnri.reston.va.us/ietf-online-proceedings/94jul/area.and.wg.reports/sec/ipsec/ipsec-minutes-94jul.txt
>
>A craftsman does not buy an all ratchet doohickey, a handyman does.  We put
>all of our eggs into IKE.  Given the times, this was understandable, but
>we are paying for it now.
>
>There are things I like about SKIP and those I do not.  Ashar had some
>particular goals that he never well articulated.  I think that Phil Karn
>came the closest to articulating his goals, but he lost control of Photuris
>in the end, and publicly asked to have his name removed from the
>documents (Dallas or LA, can't remember which one).
>
>All engineering is a compromise.  If you know your goals you can optimize
>from them and know why you made certain choices.
>
>Yes, I have been busy for the past 12 months refining MY KMP requirements.
>
>
>Robert Moskowitz
>ICSA.net
> (248) 968-9809
>Fax: (248) 968-2824
>rgm at icsa.net
>
>There's no limit to what can be accomplished
>if it doesn't matter who gets the credit
>
>VPN is sponsored by SecurityFocus.COM
>
